ComboFix 14-11-18.01 - Serge_2 2014-11-22 13:21:51.38.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.48.1045.18.1013.269 [GMT 1:00]
Uruchomiony z: d:\serge_2\moje tutoriale\Documents\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2014-10-22 do 2014-11-22 )))))))))))))))))))))))))))))))
.
.
2014-11-22 12:30 . 2014-11-22 12:30 -------- d-----w- c:\users\Serge_2\AppData\Local\temp
2014-11-22 12:30 . 2014-11-22 12:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-11-22 12:30 . 2014-11-22 12:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-21 11:27 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0F6C07C-2B1A-4FF6-B4B5-F9894091858E}\mpengine.dll
2014-11-20 21:02 . 2014-09-16 23:47 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC833887-0F72-4BF9-AAF4-6D14F7FDB1E4}\gapaengine.dll
2014-11-20 02:01 . 2014-10-24 01:03 499200 ----a-w- c:\windows\system32\kerberos.dll
2014-11-19 17:47 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-13 10:41 . 2014-11-13 10:41 -------- d-----w- c:\program files\Odkurzacz
2014-11-12 02:13 . 2014-10-10 01:00 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-12 02:13 . 2014-10-09 23:22 619520 ----a-w- c:\windows\system32\adtschema.dll
2014-11-12 02:13 . 2014-10-10 01:01 449536 ----a-w- c:\windows\system32\termsrv.dll
2014-11-12 02:13 . 2014-10-10 01:00 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-12 02:11 . 2014-08-27 00:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-12 02:11 . 2014-08-27 00:55 1249280 ----a-w- c:\windows\system32\msxml3.dll
2014-11-12 02:10 . 2014-09-19 00:50 278528 ----a-w- c:\windows\system32\schannel.dll
2014-11-12 02:09 . 2014-10-24 01:04 67072 ----a-w- c:\windows\system32\packager.dll
2014-11-12 02:06 . 2014-08-12 02:25 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-12 02:04 . 2014-10-03 01:18 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-12 02:04 . 2014-10-03 01:17 170496 ----a-w- c:\windows\system32\EncDump.dll
2014-11-12 02:04 . 2014-10-03 01:17 396800 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-12 02:04 . 2014-10-03 01:17 316928 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-12 02:04 . 2014-10-18 01:08 564224 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-12 02:02 . 2014-10-12 23:34 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-11-11 00:52 . 2014-11-11 00:52 -------- d-----w- c:\program files\ESET
2014-11-01 16:12 . 2014-11-01 16:14 -------- d-----w- c:\users\Serge_2\moje
2014-10-31 17:45 . 2014-10-31 17:45 -------- d-----w- c:\programdata\APN
2014-10-31 17:39 . 2014-10-31 17:33 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-30 11:24 . 2009-10-03 18:46 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-09-16 23:47 . 2014-08-13 17:36 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-09 06:24 . 2014-09-25 11:22 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 23:27 . 2014-10-17 06:50 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2014-08-29 12:38 . 2014-08-29 12:38 0 ----a-w- c:\windows\system32\REN76FA.tmp
2014-08-29 12:38 . 2014-08-29 12:38 0 ----a-w- c:\windows\system32\REN76F9.tmp
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2014-06-24 4566952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-05-22 13:49 151552 ----a-w- c:\acer\AcerTour\Reminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-06-06 08:06 159744 ----a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2007-04-25 14:33 457216 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2014-08-22 10:41 974432 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-06-21 16:25 155648 ----a-w- c:\program files\Acer\Acer Arcade\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSet]
2007-04-25 12:47 45056 ----a-w- c:\windows\PLFSet.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-07-06 03:06 4669440 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2014-06-24 08:42 4101576 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-06-15 08:45 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spybot-S&D Cleaning]
2014-06-24 08:41 4566952 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 20:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2006-11-02 09:45 215552 ----a-w- c:\windows\WindowsMobile\wmdSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-17 10:36 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-11-22 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-08-21 09:52]
.
2014-11-12 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-08-21 08:41]
.
2014-11-01 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2014-08-21 08:42]
.
2011-06-06 c:\windows\Tasks\User_Feed_Synchronization-{B502B7BF-B1B4-41BD-AA39-35DF28BBB530}.job
- c:\windows\system32\msfeedssync.exe [2014-11-11 18:55]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.sweet-page.com/?type=hp&ts=1407597502&from=cor&uid=WDCXWD1200BEVS-22UST0_WD-WXC90709687796877
mStart Page = hxxp://www.sweet-page.com/?type=hp&ts=1407597502&from=cor&uid=WDCXWD1200BEVS-22UST0_WD-WXC90709687796877
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki:
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Czas ukończenia: 2014-11-22 13:36:37
ComboFix-quarantined-files.txt 2014-11-22 12:36
ComboFix2.txt 2014-11-21 10:58
ComboFix3.txt 2014-11-13 15:30
ComboFix4.txt 2014-11-10 09:18
ComboFix5.txt 2014-11-22 12:20
.
Przed: 17 085 480 960 bajtów wolnych
Po: 16 834 338 816 bajtów wolnych
.
- - End Of File - - FC31277D26ECC3A5873AD795D56AC49E A863475757CC50891AA8458C415E4B25